Mailinglist Archive: opensuse-security (88 mails)

Re: [suse-security] VPN and SuSEfirewall2
  • From: Jonathan Baxter <jbaxter@xxxxxxxxxxxxx>
  • Date: Thu, 27 Apr 2006 22:20:52 +0930
  • Message-id: <200604272220.52753.jbaxter@xxxxxxxxxxxxx>
Hallelujah. It works.

I changed:

FW_FORWARD="192.168.1.0/24,192.168.200.0/24,,,ipsec \
192.168.200.0/24,192.168.1.0/24,,,ipsec"

to:

FW_FORWARD="192.168.1.0/24,192.168.200.0/24 \
192.168.200.0/24,192.168.1.0/24"

i.e., dropped the "ipsec" flag.

The documentation in SuSEfirewall2 seems to imply that the ipsec flag should
be there, so maybe this is a bug:

# Examples:
# - "192.168.1.0/24,10.10.0.0/16,,,ipsec \
# 10.10.0.0/16,192.168.1.0/24,,,ipsec" permit traffic
# from 192.168.1.0/24 to 10.10.0.0/16 and vice versa
# provided that both networks are connected via an
# IPsec tunnel.

It may be worth adding a remark
to /usr/share/doc/packages/openswan/README.SUSE listing the parameters that
need to be configured in SuSEfirewall2 for network-network ipsec to work
(assuming you want to use both ipsec VPN and the SuSE firewall together.
Personally I like the SuSE firewall configuration, which is why I wasted so
much time on this....).

Thanks to everyone who replied.

- Jonathan
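
An added example, not part of the original message and not SuSEfirewall2's own code: a small Python check that parses FW_FORWARD from sysconfig-style text and lists the entries that lack the ipsec flag, which the quoted documentation describes as the condition that both networks are connected via an IPsec tunnel. The sample strings are constructed from the values in the message, and the field names proto and port are assumptions.

```python
import ipaddress
import re

# Constructed samples: the two FW_FORWARD values quoted in the message above.
WITH_FLAG = r'''FW_FORWARD="192.168.1.0/24,192.168.200.0/24,,,ipsec \
192.168.200.0/24,192.168.1.0/24,,,ipsec"
'''
WITHOUT_FLAG = r'''FW_FORWARD="192.168.1.0/24,192.168.200.0/24 \
192.168.200.0/24,192.168.1.0/24"
'''


def parse_fw_forward(sysconfig_text):
    """Return one dict per FW_FORWARD entry found in sysconfig-style text."""
    m = re.search(r'^FW_FORWARD="(.*?)"', sysconfig_text, re.M | re.S)
    if not m:
        return []
    # A backslash at end of line continues the shell string on the next line.
    value = m.group(1).replace("\\\n", " ")
    rules = []
    for entry in value.split():
        fields = entry.split(",")
        fields += [""] * (5 - len(fields))  # pad omitted trailing fields
        src, dst, proto, port = fields[:4]  # proto/port names are assumed
        for net in (src, dst):
            if net:  # raises ValueError on a malformed network or mask
                ipaddress.ip_network(net, strict=False)
        rules.append({"src": src, "dst": dst, "proto": proto, "port": port,
                      "ipsec": "ipsec" in fields[4:]})
    return rules


def without_ipsec(rules):
    """Entries whose forwarding is not tied to the ipsec flag."""
    return [r for r in rules if not r["ipsec"]]


if __name__ == "__main__":
    for label, text in (("with flag", WITH_FLAG), ("without flag", WITHOUT_FLAG)):
        rules = parse_fw_forward(text)
        print(label, "->", len(without_ipsec(rules)), "of", len(rules),
              "entries lack ipsec")
```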
